A security researcher at Juniper Networks has developed?a new form of attack that can be used to run unauthorized software on a wide range of computing devices, including routers and mobile phones.
In a demonstration set to take place at the CanSecWest security conference in Vancouver Thursday, Juniper’s Barnaby Jack says he will show how this technique could be used to take control of a router and then inject malicious software on virtually every machine on the network.
Jack says he has discovered a way to turn a common type of computing error — called a null pointer dereferencing error — into something far more dangerous than previously thought. Researchers have known for years how to create these flaws, which occur when the computer tells a program that the part of memory that it’s looking for is invalid, or “null.”
continued @ InfoWorld